Future of VPN: CIPE or IPSEC?
WipeOut
wipe_out at onetel.com
Wed Nov 19 10:35:11 UTC 2003
Christians, Stefan Mr. wrote:
>We are just migrating our network from RHL 8.0 and 9 to Fedora Core 1.
>
>Up to now we have had an IPSEC VPN by using FreeS/wan patches. Since we
>implemented the VPN, some things have changed:
>
>1) The reasons we had for choosing IPSEC over CIPE turned out to be
>non-issues (all arguments we had for using IPSEC were never used, needed
>or implemented).
>
>2) We have found all software not included in the standard distribution
>packages to cause maintenance nightmares. We have therefore decided that
>if a required functionality is included in the standard distribution, we
>will not use 3rd party solutions.
>
>
>So now the big question for us is whether we should migrate our VPN
>routers to Fedora Core 1 and convert them to CIPE, or whether we should
>wait a few more months until the 2.6 kernel with integrated IPSEC is
>included in the standard distribution.
>
>The key question here is whether CIPE will be maintained as a Fedora
>Package once the 3.6 kernel is distributed, or whether it will gradually
>be phased out. We want to avoid converting to CIPE now and then back to
>IPSEC again after a year.
>
>Can any Fedora developer or strategist comment on this?
>
>
>
>
You might want to take a look at Trustix www.trustix.net for you VPN
routers..
Its an application specific distro with a prime objective of security
and based originally on RH.. It has the Freeswan rpms as part of the
distro so they are maintained by the team.. Also does away with the
packages that are not needed for servers or routers so a minimum install
is only about 90MB compared to Fedora of 500+..
That way you don't have to abandon your knowledge of freeswan..
Later..
More information about the users
mailing list